lcuis
commented
2 years ago Also, the same app got the "Tamper" RASP event while installed on our Android devices from the Google Play Store.
Closed lcuis closed 2 years ago
lcuis
commented
2 years ago Also, the same app got the "Tamper" RASP event while installed on our Android devices from the Google Play Store.
lcuis
commented
2 years ago During their tests of the Android release, the Google Play store apparently got the "Untrusted installation" RASP event.
talsec-app
commented
2 years ago Hello,
The deviceID event is expected. When an application is reinstalled, the identifierForVendor changes (if other application from the same vendor using freeRASP is not installed). We do not recommend terminating reactions to this event (and also for device binding event)
In regards to passcode events: Apple tests may use devices without passcode turned on, therefore the event happens. It is expected.
However, in terms of Android tampering, we can see multiple appIntegrity (tamper) incidents in Kibana. All of them are cases when the application was signed using debug signing keys (C=US,O=Android,CN=Android Debug). It could be caused by using debug signing config in your release build type. If you want more detailed information about these incidents, please contact us at [info@talsec.app]().
There is a possibility of "Untrusted Installation Source" events during the Google app verification process.
We will update the documentation explaining the various events so that the severity and their relevance is properly explained. Thank you for your feedback.
lcuis
commented
2 years ago Thank you very much for those explanations.
Hi,
When we installed our first free_rasp enabled app from the Apple App Store on an iPhone 7, the app would show a "Device ID" RASP event. Is this expected?
We also noticed that there was a "Passcode" RASP event during what we presume to be the Apple tests. Is this also expected?
Is there a document explaining the various events so that we can understand their severity and relevance?